On Tue, 4 Mar 2003, Bailey Kong wrote: > Host1 ---------> Iptables/GW ------> Router ------> INET -----> VPN Server > (192.168.1.10) SNAT NO NAT > ^ > | > Host2 ---------------------------------| > (INET IP different from the one Iptables/GW uses) > > This is how we are able to get 2 connections to the VPN Server, now the > people that setup the VPN Server claim that there aren't any limits like 1 > connection per IP or anything like that, I'm also wondering, if you ever > could make more than 1 connection to a VPN Server from the same IP. I'm > not very familiar with VPNs. You are right, at least one NAT gateway should take care of the call ID numbers the clients assign themselves. These numbers are rewritten by iptables so that when replies come back from the PPTP server, iptables will be able to demultiplex the data among the clients. Likewise, the PPTP server itself should better take care of assigning unique call ID numbers to every incoming call. The server then passes its call ID number to the client over TCP. Now multiple clients with the same source IP address will be demultiplexed by the PPTP server thanks to the peer (destination) call ID field of the GRE header. Check this out as well: http://sourceforge.net/docman/display_doc.php?docid=14460&group_id=44827 -- Ilguiz Latypov Net Integration Technologies, Inc tel. +1 (514) 281 9191 x 117
